vRealize Log Insight
by VMware
CVEs (16)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2016-2082 | | Hig | 0.57 | 8.8 | 0.01 | | Jul 3, 2016 | Cross-site request forgery (CSRF) vulnerability in VMware vRealize Log Insight 2.x and 3.x before 3.3.2 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. |
| CVE-2016-2081 | | Med | 0.40 | 6.1 | 0.01 | | Jul 3, 2016 | Cross-site scripting (XSS) vulnerability in VMware vRealize Log Insight 2.x and 3.x before 3.3.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2016-5332 | | Med | 0.35 | 5.3 | 0.03 | | Aug 31, 2016 | Directory traversal vulnerability in VMware vRealize Log Insight 2.x and 3.x before 3.6.0 allows remote attackers to read arbitrary files via unspecified vectors. |
| CVE-2022-31711 | | | 0.10 | — | 0.22 | | Jan 25, 2023 | VMware vRealize Log Insight contains an Information Disclosure Vulnerability. A malicious actor can remotely collect sensitive session and application information without authentication. |
| CVE-2022-31706 | | | 0.10 | — | 0.87 | | Jan 25, 2023 | The vRealize Log Insight contains a Directory Traversal Vulnerability. An unauthenticated, malicious actor can inject files into the operating system of an impacted appliance which can result in remote code execution. |
| CVE-2022-31704 | | | 0.10 | — | 0.81 | | Jan 25, 2023 | The vRealize Log Insight contains a broken access control vulnerability. An unauthenticated malicious actor can remotely inject code into sensitive files of an impacted appliance which can result in remote code execution. |
| CVE-2022-31710 | | | 0.00 | — | 0.01 | | Jan 25, 2023 | vRealize Log Insight contains a deserialization vulnerability. An unauthenticated malicious actor can remotely trigger the deserialization of untrusted data which could result in a denial of service. |
| CVE-2022-31703 | | | 0.00 | — | 0.02 | | Dec 14, 2022 | The vRealize Log Insight contains a Directory Traversal Vulnerability. An unauthenticated, malicious actor can inject files into the operating system of an impacted appliance which can result in remote code execution. |
| CVE-2022-31702 | | | 0.00 | — | 0.02 | | Dec 14, 2022 | vRealize Network Insight (vRNI) contains a command injection vulnerability present in the vRNI REST API. A malicious actor with network access to the vRNI REST API can execute commands without authentication. |
| CVE-2022-31655 | | | 0.00 | — | 0.00 | | Jul 12, 2022 | VMware vRealize Log Insight in versions prior to 8.8.2 contain a stored cross-site scripting vulnerability due to improper input sanitization in alerts. |
| CVE-2022-31654 | | | 0.00 | — | 0.00 | | Jul 12, 2022 | VMware vRealize Log Insight in versions prior to 8.8.2 contain a stored cross-site scripting vulnerability due to improper input sanitization in configurations. |
| CVE-2021-22035 | | | 0.00 | — | 0.01 | | Oct 13, 2021 | VMware vRealize Log Insight (8.x prior to 8.6) contains a CSV(Comma Separated Value) injection vulnerability in interactive analytics export function. An authenticated malicious actor with non-administrative privileges may be able to embed untrusted data prior to exporting a CSV… |
| CVE-2021-22021 | | | 0.00 | — | 0.00 | | Aug 30, 2021 | VMware vRealize Log Insight (8.x prior to 8.4) contains a Cross Site Scripting (XSS) vulnerability due to improper user input validation. An attacker with user privileges may be able to inject a malicious payload via the Log Insight UI which would be executed when the victim… |
| CVE-2020-3953 | | | 0.00 | — | 0.01 | | Apr 15, 2020 | Cross Site Scripting (XSS) vulnerability exists in VMware vRealize Log Insight prior to 8.1.0 due to improper Input validation. |
| CVE-2020-3954 | | | 0.00 | — | 0.01 | | Apr 15, 2020 | Open Redirect vulnerability exists in VMware vRealize Log Insight prior to 8.1.0 due to improper Input validation. |
| CVE-2018-6980 | | | 0.00 | — | 0.01 | | Nov 13, 2018 | VMware vRealize Log Insight (4.7.x before 4.7.1 and 4.6.x before 4.6.2) contains a vulnerability due to improper authorization in the user registration method. Successful exploitation of this issue may allow Admin users with view only permission to perform certain administrative… |